Japan builds 'good' virus to disable cyber-attacks

With the help of Fujitsu, the Japanese government is developing a computer virus aimed at tracing and disabling cyber-attacks.

According to the Yomiuri Shimbun, it's been working on the virus since 2008, following a $2.3 million deal with Fujitsu, and has already been tested in a closed environment.

The virus works by tracing the sources of a cyber-attack - not just the immediate source, but all those that have been used to transmit it. It can thus get to the source of an attack to disable it.

It's not clear whether using the virus would be legal, as there's no provision in existing law for the use of cyberweapons such as this. According to the paper, Japan's Defense and Foreign ministries are considering possible legislation.

Japan's suffered its fair share of cyberattacks. In recent months, defense contractor Mitsubishi has been hit, possibly compromising military data, along with the country's parliament.

But Graham Cluley of security firm Sophos says he's alarmed by the development, as such so-called 'good' viruses are often a very bad idea.

"Even a 'good' virus uses system resources such as disk space, memory and CPU time. On a critical system a 'good' virus could cause unexpected side effects," he says.

"All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your 'good virus' needs an urgent bugfix, would you release another virus to try and catch it up?"